Toshiro wrote:
> I guess you use very bad passwords, with any decent password it would take you
> much more than a few seconds to find it.

No, even with a password of
``oI9fBqNi6MVSXBu1TzCrkIKmh67R4+DcNB0OPERo9yaaHwUt/f7ytv4nLqZs''
(head -n 2 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1)
it cracked the zip file in less than 1 sec. The problem isn't getting the
password (like it is with salted md5/sha1 breaking), but encryption
collisions. The encryption algorithm used by zip is extremely weak, and there
were *thousands* of 5 character passwords that have the exact same effect as
the one above.

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$ UB+++>++++$L++++$*--
P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K- w--(---) O? M V? PS++@ PE-@
Y+@ PGP++(+++)>$ t? 5? X? R tv--(-) b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------

David Mandelberg
mandelbergd@eth0.is-a-geek.org
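
An added illustration, not part of the original post and not code from any zip tool: in traditional PKZIP encryption the password is checked only against one byte at the end of the 12-byte encryption header, so roughly 1 in 256 wrong passwords pass that check no matter how long the real password is. REAL_PW, CHECK and HEADER are constructed sample values; the function names are hypothetical.

```python
import itertools
import string

# CRC-32 table (polynomial 0xEDB88320), as used by the ZIP key schedule.
CRC_TABLE = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)

class ZipCryptoKeys:
    """Three 32-bit keys of traditional PKZIP encryption (96 bits of state)."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, b: int) -> None:
        self.k0 = (self.k0 >> 8) ^ CRC_TABLE[(self.k0 ^ b) & 0xFF]
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = (self.k2 >> 8) ^ CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF]

    def stream_byte(self) -> int:
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def encrypt_header(password: bytes, plain12: bytes) -> bytes:
    keys, out = ZipCryptoKeys(password), bytearray()
    for p in plain12:
        out.append(p ^ keys.stream_byte())
        keys.update(p)
    return bytes(out)

def header_accepts(password: bytes, header: bytes, check: int) -> bool:
    """Decrypt the 12-byte header; only its last byte is compared."""
    keys, p = ZipCryptoKeys(password), -1
    for c in header:
        p = c ^ keys.stream_byte()
        keys.update(p)
    return p == check

def count_false_accepts(header: bytes, check: int, length: int = 3):
    """Count short lowercase candidates that pass the one-byte check."""
    tried = hits = 0
    for cand in itertools.product(string.ascii_lowercase.encode(), repeat=length):
        tried += 1
        hits += header_accepts(bytes(cand), header, check)
    return tried, hits

# Constructed sample values (not taken from any real archive).
REAL_PW = b"constructed-long-passphrase-0123456789"
CHECK = 0xA7  # stands in for the check byte stored with the entry
HEADER = encrypt_header(REAL_PW, bytes(range(11)) + bytes([CHECK]))
```

Calling `count_false_accepts(HEADER, CHECK)` returns the number of candidates tried and how many wrong three-letter passwords the header check accepted.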